The Classify backend reads all of its runtime configuration from a singleDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/Taykl12/Classify/llms.txt
Use this file to discover all available pages before exploring further.
.env file located at server/.env. This file is intentionally excluded from version control — you must create it by copying the example file and filling in the values specific to your Supabase project.
Create the env file
server/.env in your editor and replace the placeholder values described below.
Reference: all variables
SUPABASE_URL
The base URL of your Supabase project. Every API call the server makes — whether it is reading data, authenticating users, or accessing storage — goes to this URL.
Where to find it: Supabase Dashboard → Settings → API → Project URL
SUPABASE_ANON_KEY
The public anonymous key for your project. This key is subject to Row-Level Security (RLS) policies, so it is safe to expose in browser contexts. On the server it is used for user-scoped operations and for creating clients that act on behalf of authenticated users.
Where to find it: Supabase Dashboard → Settings → API → Project API keys → anon / public
SUPABASE_SERVICE_ROLE_KEY
The service role key grants full database access and bypasses all RLS policies. It is used exclusively by admin routes and professor-level operations that require elevated privileges.
Where to find it: Supabase Dashboard → Settings → API → Project API keys → service_role / secret
PORT
The TCP port the Express server listens on. Defaults to 3001. Change this if another process already occupies that port, or if your hosting platform requires a specific port (e.g. many platforms use 8080).
APP_ORIGIN
The full origin (scheme + host + optional port) of the frontend application. The server uses this value in two places:
- CORS headers — only requests from this origin are allowed to call the API.
- Password-reset redirect URL — Supabase Auth redirects users back to this origin after they click the reset link in their email.
https://classify.yourdomain.com.
ESP32_DEVICE_TOKEN
A shared secret string that ESP32 devices must include in requests to the attendance ingestion endpoint. The server validates this token to ensure only authorised hardware can push attendance records.
Complete .env.example
How Supabase clients are constructed
The server creates three distinct Supabase client instances depending on the privilege level required for a given operation:| Client | Keys used | RLS enforced | Typical usage |
|---|---|---|---|
createAnonClient() | SUPABASE_URL + SUPABASE_ANON_KEY | ✅ Yes | Public reads, role lookups |
createUserClient(accessToken) | SUPABASE_URL + SUPABASE_ANON_KEY + user JWT | ✅ Yes (as the authenticated user) | All student and professor data operations |
createAdminClient() | SUPABASE_URL + SUPABASE_SERVICE_ROLE_KEY | ❌ Bypassed | Admin routes, professor assignment, bulk operations |
createUserClient function injects the user’s JWT from the request so that RLS policies on tables like grupos_proyectos and usuarios are evaluated against the real authenticated user rather than an anonymous caller.
Next step
With your.env file in place, continue to Database Setup to apply the Supabase migrations and seed the roles table.